End-of-Life (EoL)
Configure the GlobalProtect App for Android
You can deploy and configure the GlobalProtect app on
Android For Work devices from any third-party mobile device management
(MDM) system supporting Android For Work App data restrictions.
On Android devices, traffic is routed through the VPN tunnel
according to the access routes configured on the GlobalProtect gateway.
From your third-party MDM that manages Android for Work devices, you
can further refine the traffic that is routed though the VPN tunnel.
In an environment where the device is corporately owned, the
device owner manages the entire device including all the apps installed
on that device. By default, all installed apps can send traffic
through the VPN tunnel according to the access routes defined on
the gateway.
In a bring-your-own-device (BYOD) environment, the device is
not corporately owned and uses a Work Profile to separate business
and personal apps. By default only managed apps in the Work Profile can
send traffic through the VPN tunnel according to the access routes
defined on the gateway. Apps installed on the personal side of the
device can not send traffic through the VPN tunnel set by the managed GlobalProtect
app installed in the Work Profile.
To route traffic from an even smaller set of apps, you can enable
Per-App VPN so that GlobalProtect only routes traffic from specific
managed apps. For Per-App VPN, you can whitelist or blacklist specific managed
apps from having their traffic routed through the VPN tunnel.
As part of the VPN configuration, you can also specify how the
user connects to the VPN. When you configure the VPN connection
method as
user-logon
, the GlobalProtect app
will establish a connection automatically. When you configure the
VPN connection method as on-demand
, users
can initiate a connection manually when attempting to connect to
the VPN remotely.The VPN connect method defined in the MDM takes precedence
over the connect method defined in the GlobalProtect portal configuration.
Removing the VPN configuration automatically restores the GlobalProtect
app to the original configuration settings.
To configure the GlobalProtect app for Android, configure the
following Android App Restrictions.
Key | Value Type | Example |
|---|---|---|
portal | String | 10.1.8.190 |
username | String | john |
password | String | Passwd!234 |
certificate | String (in Base64) | DAFDSaweEWQ23wDSAFD…. |
client_certificate_passphrase | String | PA$$W0RD$123 |
app_list* | String | whitelist | blacklist: com.google.calendar; com.android.email; com.android.chrome |
connect_method | String | user-logon | on-demand |
remove_vpn_config_via_ restriction | Boolean | true | false |
*The
app_list
key specifies the
configuration for Per-App VPN. Begin the string with either the
whitelist or blacklist, and follow it with an array of app names
separated by semicolon. The whitelist specifies the apps that will
use the VPN tunnel for network communication. The network traffic
for any other app that is not in the whitelist or expressly listed
in the blacklist will not go through the VPN tunnel.Recommended For You
Recommended Videos
Recommended videos not found.
